SiteLock

RESPONSIBLEDIS C LOSUREPOLI C Y,1. G eneralInformation.TheSiteLock,LL C (“SiteLock”)ResponsibleDisclosurePolicy,detailstheprocessbywhichSiteLockpubliclydisclosesvulnerabilitiesfoundduringresearch,andmalwarecleaningprocesses.ThePolicyreflectsSiteLock’sdedicationtoasecurewebfor,allsiteownersanddevelopers,andstressesprivacyandtheprotectionofsensitivedata.,2. G uidelines,ItisrequiredthatallSiteLockresearchers:,●Analyzepubliclyavailablecodebases,orpurchaseacopyoflicensedcodeforanalysis,●Verifyproofofconceptexploitsoninternaltestsystems,●UnderstandandadheretotheSiteLockResponsibleDisclosurePolicyinallstepsofthe,researchprocess,SiteLockcommitstodevelopersandsiteownersto:,●Workwiththeresponsiblepartytounderstandandresolveissuesquickly,including,providingscreenshots,codeexamples,andproofofconceptcode,●Makeeveryefforttoavoidprivacyviolations,●Recognizeeffortstomitigatereportedvulnerabilities,SiteLockwillnotperformsecurityresearchinthefollowingareas:,●Physicalsecuritytestingsuchasbuildingaccess,●Socialengineeringtestssuchasphonecallsandspearphishing,●Non­public,proprietarycodebases,●Networklevelattacksordenialofservice,3.WhatSiteLockIncludesinaVulnerabilityDisclosure,SiteLockwillstrivetoprovidecomprehensiveandsuccinctvulnerabilityreportstodevelopers,whichinclude:,●Thedescriptionandimpactofthevulnerability,includingfilepathsandnames,linesof,code,andresultantfiles,●Adetaileddescriptionofthestepsrequiredtoreproducethevulnerability,● C ontactinformationfortheresearcherandcompanycontactinformation,4.TimelineforDisclosure.​SiteLockwillprovide30daysfromthedateofreportfor,developerstorespondandmitigatevulnerabilities.Developerrequestsfordisclosureextension,willbehonored.SiteLockwilladheretothe30dayguidelineifthereisalackoforcessationof,developerresponse.,Thispolicywasadaptedwithchangesfromthe​OpenSourceResponsibleDisclosureFramework​using,the​ C reative C ommonsAttribution4.0InternationalLicense​.